You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by pa...@apache.org on 2002/06/20 07:34:19 UTC
cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry RegistryAccessController.java
paulsp 2002/06/19 22:34:19
Modified: src/java/org/apache/jetspeed/services/security/registry Tag:
security_14 RegistryAccessController.java
Log:
o Fixed class cast exception in checkPermission(... Portlet...)
o code cleanup
Revision Changes Path
No revision
No revision
1.1.2.5 +21 -5 jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/Attic/RegistryAccessController.java
Index: RegistryAccessController.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/services/security/registry/Attic/RegistryAccessController.java,v
retrieving revision 1.1.2.4
retrieving revision 1.1.2.5
diff -u -r1.1.2.4 -r1.1.2.5
--- RegistryAccessController.java 19 Jun 2002 02:44:28 -0000 1.1.2.4
+++ RegistryAccessController.java 20 Jun 2002 05:34:19 -0000 1.1.2.5
@@ -66,6 +66,7 @@
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.om.security.Role;
import org.apache.jetspeed.portal.Portlet;
+import org.apache.jetspeed.portal.PortletController;
import org.apache.jetspeed.portal.PortletSet;
import org.apache.jetspeed.services.resources.JetspeedResources;
import org.apache.jetspeed.services.Registry;
@@ -86,8 +87,6 @@
*/
public class RegistryAccessController extends TurbineBaseService implements PortalAccessController
{
- private final static String CONFIG_DEFAULT_PERMISSION_LOGGEDIN = "services.JetspeedSecurity.permission.default.loggedin";
- private final static String CONFIG_DEFAULT_PERMISSION_ANONYMOUS = "services.JetspeedSecurity.permission.default.anonymous";
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
@@ -102,7 +101,24 @@
*/
public boolean checkPermission(JetspeedUser user, Portlet portlet, String action)
{
- return checkPermission(user, (RegistryEntry) portlet, action);
+ String portletName = portlet.getName();
+ RegistryEntry registryEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET, portletName);
+ //portlet is not a portlet - probably a controller or control
+ if (registryEntry==null) {
+ PortletSet ps = portlet.getPortletConfig().getPortletSet();
+ if (ps != null) {
+ PortletController pc = ps.getController();
+ if (pc != null) {
+ portletName = pc.getConfig().getName();
+ registryEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET_CONTROLLER, portletName);
+ }
+ }
+ }
+ if (registryEntry==null) {
+ return true; // Since their is no entry, their no security to test. Per spec. all is allowed
+ }
+
+ return checkPermission(user, registryEntry, action);
}
/**
@@ -180,7 +196,7 @@
SecurityEntry securityEntry = (SecurityEntry) Registry.getEntry( Registry.SECURITY, securityRef.getParent());
if (securityEntry == null)
{
- Log.warn("Security id " + securityRef.getParent() + "does not exist. This was requested by the user " + user.getUserName());
+ Log.warn("Security id " + securityRef.getParent() + " does not exist. This was requested by the user " + user.getUserName());
return false;
}
if (securityEntry.allowsUser(user.getUserName(), action))
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>